macOS Network Extension: DNS resolution fails after enabling a Packet Tunnel, and mitmdump reports "nodename nor servname provided"
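It looks like the problem you're hitting is that once the Packet Tunnel is enabled, DNS requests are no longer delivered, so name resolution fails and mitmdump cannot establish its backend connections. Below are the key problem points and the corresponding fixes:
1. Core problem: DNS requests are captured by the tunnel route and cannot be handled by the HTTP proxy
You set NEIPv4Route.default() as an included route, which sends all IPv4 traffic into the tunnel. DNS requests, however, use UDP (or TCP), and your proxySettings only configure an HTTP/HTTPS proxy. mitmdump itself does not handle UDP DNS requests, so those requests are dropped and the system cannot resolve any domain name.
Fix: let DNS traffic bypass the tunnel and the proxy
Modify your IPv4 settings to add excluded routes for the DNS servers, so that traffic to Google DNS goes directly over the native network interface and not through the tunnel: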
    override func startTunnel(options: [String: NSObject]?, completionHandler: @escaping (Error?) -> Void) {
        NSLog("Starting the tunnel...")
        let tunnelSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "10.10.0.1")

        // DNS settings
        let dnsServers = ["8.8.8.8", "8.8.4.4"]
        let dnsSettings = NEDNSSettings(servers: dnsServers)
        dnsSettings.matchDomains = nil
        tunnelSettings.dnsSettings = dnsSettings

        // IPv4 settings: add excluded routes for the DNS servers and fix the address conflict
        // Local tunnel address changed to 10.10.0.2 to avoid clashing with the remote address
        let ipv4Settings = NEIPv4Settings(addresses: ["10.10.0.2"], subnetMasks: ["255.255.255.0"])
        ipv4Settings.includedRoutes = [NEIPv4Route.default()]
        // Exclude traffic to the DNS servers so it goes directly over the native network
        let excludedRoutes = dnsServers.map { NEIPv4Route(destinationAddress: $0, subnetMask: "255.255.255.255") }
        ipv4Settings.excludedRoutes = excludedRoutes
        tunnelSettings.ipv4Settings = ipv4Settings

        // Proxy settings: add the DNS servers to the exception list
        let proxySettings = NEProxySettings()
        proxySettings.autoProxyConfigurationEnabled = false
        proxySettings.httpEnabled = true
        proxySettings.httpServer = NEProxyServer(address: "127.0.0.1", port: 8080)
        proxySettings.httpsEnabled = true
        proxySettings.httpsServer = NEProxyServer(address: "127.0.0.1", port: 8080)
        proxySettings.exceptionList = ["localhost", "127.0.0.1", "10.10.0.1"] + dnsServers // include the DNS servers
        proxySettings.matchDomains = nil
        tunnelSettings.proxySettings = proxySettings

        setTunnelNetworkSettings(tunnelSettings) { error in
            if let error = error {
                NSLog("Failed to apply tunnel settings: \(error.localizedDescription)")
                completionHandler(error)
                return
            }
            NSLog("Tunnel settings applied successfully.")
            completionHandler(nil)
        }
    }
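2. Make sure mitmdump itself can resolve domain names
Even once system DNS is working again, mitmdump may need to resolve domain names itself when it establishes backend connections. It is advisable to specify the DNS servers when starting mitmdump, so that it does not depend on a system DNS environment that may be misbehaving:
    mitmdump --set dns.server=8.8.8.8,8.8.4.4
3. Fix the tunnel address conflict
In your earlier code, the tunnel remote address tunnelRemoteAddress and the local tunnel address ipv4Settings.addresses both used 10.10.0.1. This causes an IP address conflict and affects the correctness of the routing table. The code above already changes the local address to 10.10.0.2, which resolves this.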
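Verification steps
- Restart your Packet Tunnel extension
- Run dig google.com or ping google.com and confirm that DNS resolution works
- Check the mitmdump log; you should see normal connection entries similar to server connect google.com:443 (xxx.xxx.xxx.xxx:443)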
Content sourced from Stack Exchange
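To go with the verification steps, an added shell example (not part of the original answer) that reads macOS `route -n get` output and reports whether each DNS server is routed outside the tunnel, which is what the excluded routes are meant to achieve. It assumes the packet tunnel shows up as a `utun*` interface; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that the DNS servers are reached outside the packet tunnel.

# Constructed sample of `route -n get 8.8.8.8` output on macOS (for offline runs).
SAMPLE_ROUTE_OUTPUT='   route to: 8.8.8.8
destination: 8.8.8.8
    gateway: 192.168.1.1
  interface: en0
      flags: <UP,GATEWAY,HOST,DONE,WASCLONED,IFSCOPE,IFREF>'

# route_interface: read `route -n get` output on stdin, print the interface name.
route_interface() {
    awk '$1 == "interface:" { print $2; exit }'
}

# bypasses_tunnel: read `route -n get` output on stdin.
# Returns 0 if the route uses a non-tunnel interface, 1 if it uses utun*
# (assumption: the packet tunnel is a utun device), 2 if no interface was found.
bypasses_tunnel() {
    iface=$(route_interface)
    case "$iface" in
        "")    return 2 ;;
        utun*) return 1 ;;
        *)     return 0 ;;
    esac
}

# check_dns_routes: query the live routing table for each server given.
# Run on the Mac with the tunnel up: check_dns_routes 8.8.8.8 8.8.4.4
check_dns_routes() {
    status=0
    for server in "$@"; do
        if route -n get "$server" 2>/dev/null | bypasses_tunnel; then
            echo "$server: bypasses the tunnel"
        else
            echo "$server: routed into the tunnel, or no route found"
            status=1
        fi
    done
    return $status
}
```

A non-zero result from `check_dns_routes` for a DNS server means its lookups are still entering the tunnel, where the HTTP/HTTPS proxy settings cannot handle them.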




